The latest statistics shows that the number of users attacked by Android ransomware has increased four-fold in one year, hitting at least 136,000 users worldwide. The Kaspersky Lab report on the ransomware threat landscape revealed that the majority of attacks are based on only four groups of malware. The report covers a full two-year period which has been divided into two parts of 12 months each: from April 2014 to March 2015, and from April 2015 to March 2016.
Ransomware is known as a type of malware that blocks the access to information on a user’s device by locking the screen with a special window or encrypting important files, and then extorts money from the victim. However, it is not only PC users who are in danger nowadays. According to the latest report on the threat landscape, the owners of Android-based devices are also being filled with ransomware.
Key findings:
- The number of users attacked with mobile ransomware increased almost four-fold: from 35,413 users in 2014-2015, to 136,532 users in 2015-2016.
- The share of users attacked with ransomware as a proportion of users attacked with any kind of Android malware also increased: from 2.04% in 2014-2015, to 4.63% in 2015-2016.
- Germany, Canada, the United Kingdom and the United States experienced a higher percentage of users attacked with Android ransomware than any other countries.
- Only four groups of malware were responsible for more than 90% of all attacks registered in the period. They are the Small, Fusob, Pletor and Svpeng malicious families.
- Unlike the threats facing PCs, where crypto-ransomware is skyrocketing while the number of users attacked with screen-blockers is decreasing, Android ransomware is mostly in the form of screen-blockers. This is due to the fact that Android-based devices can’t remove screen lockers with help of external hardware, making mobile screen blockers as effective as PC crypto-ransomware.
Despite the fact that the actual number of users hit by ransomware is lower and the rate of growth slower than the one for PC ransomware, the situation with Android ransomware is rather disturbing. At the beginning of the comparison period, the monthly number of users who encountered this type of malware on Android devices was almost zero, but by the end of the period it had reached nearly 30,000 attacked users monthly. This means that hackers are constantly exploring alternative opportunities to the PC and show no signs of moving on.
“The extortion model is here to stay. Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone. These could be connected devices like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time,” Roman Unuchek from Kaspersky Lab explained.
